CVE-2024-27348

ENISA EUVD: EUVD-2024-1059 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 2 articles Published: 2024-04-22

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

94.34%

probability

This CVE has a 94.34% probability of being exploited in the next 30 days.

0% Top 100.0th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

9.8

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.

Affected Products

Apache Software Foundation

Apache HugeGraph-Server

1.0.0

apache

hugegraph

Apache Software Foundation

Apache HugeGraph-Server

1.0.0 <1.3.0

Apache Software Foundation

Apache HugeGraph-Server

Attack Intelligence

CWE-284 · Improper Access Control

Exploits & PoC

Zeyad-Azima/CVE-2024-27348

Apache HugeGraph Server RCE Scanner ( CVE-2024-27348 )

61 2024-06-08

kljunowsky/CVE-2024-27348

Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit

18 2024-06-03

jakabakos/CVE-2024-27348-Apache-HugeGraph-RCE

4 2024-06-12

akelaqe/CVE-2024-27348-HugeGraph-RCE

1 2026-03-30

p0et08/CVE-2024-27348

This is a repository for Apache HugeGraph Remote Code Execution vulnerability(CVE-2024-27348))

0 2025-02-10

wqfh/CVE-2024-27348

CVE-2024-27348 Exploitation Toolkit: Complete RCE exploit for Apache Huge-Graph-Server vulnerability.

0 2025-12-13

6 repos — triés par ⭐ Rechercher sur GitHub ↗

https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication

https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/04/22/3

Signal Intelligence

Confidenceⓘ

78%

EPSS 94.34%

CVSS v3.1 9.8

Mentions 2

CNA Information

CNA Assigner

apache

CNA Title

Apache HugeGraph-Server: Command execution in gremlin

Analyst Note

CVE-2024-27348 is a critical Apache HugeGraph RCE vulnerability (CVSS 9.8) affecting versions before 1.3.0. Article explicitly states threat actors are 'actively exploiting' the 'recently disclosed' flaw, indicating in-the-wild exploitation concurrent with or shortly after disclosure. No evidence of prior patched exploitation; timing aligns with zero-day criteria.

Triage Info

Decided atMar 20, 2026

Published DateApr 22, 2024